Sign in Subscribe
9 min read

CyberSecStats #2 - Email security, insider threats, budgets, and more...

CyberSecStats #2 February 2025 cybersecurity statistics - Email security, insider threats, budgets, and more...

Hello! 👋🏼 Laura from CyberSecStats here with a monthly email of the latest cybersecurity statistics pulled from recent vendor reports and research papers. 

All of the stats below were published by cybersecurity vendors in the past four months, with most being from the past two months (i.e., 2025).

✉️ Email Security

  1. Email was the primary method for delivering malware to endpoints, accounting for 52% of threats in Q3 2024. (HP Wolf Security)
  2. Manufacturing, Finance, and Law Firms were the top three most targeted industries for email crime in 2023 and the first half of 2024. (At-Bay)
  3. 56% of respondents are engaging managed services for email security/anti-phishing. (Fortra)
  4. Only 34% of email incidents are formally reported. (Zivver)
  5. 67% of IT leaders claim that email doesn’t get the security attention it deserves. (Zivver)

Insider threats/outbound email breaches 

  1. Two-thirds of IT leaders acknowledge that outbound breaches from human errors cause more data loss than social engineering attacks. (Zivver)
  2. 73% of employees are aware of email security policies, but just 52% adhere to them. (Zivver)
  3. Employees frequently send the wrong attachment (33%), misaddress emails to unintended recipients (32%), or misuse CC and BCC fields (20%). (Zivver)

🎣 Phishing

  1. Phishing is a dominant threat, accounting for over 80% of reported security incidents in 2024. (Zivver)
  2. More than 8 out of every 1,000 users clicked on a phishing link each month, up 190% from last year. (Netskope)
  3. Enterprise users clicked on phishing lures at a rate nearly three times higher in 2024 compared to 2023. (Netskope)
  4. 45% of ransomware incidents were delivered via phishing. (Illumio)
  5. 83% of organisations identified Phishing/Smishing as a top security concern. (Fortra)

Phishing tactics

  1. URL redirection was the most employed tactic regarding phishing links (51%), followed by compromised websites (19%) and newly created domains (7%). (Vipre)
  2. The use of QR codes for phishing peaked at 12% in Q4 of 2024. (Vipre)
  3. Voice phishing increased by 442% between H1 and H2 2024. (Crowdstrike)
  4. Criminals used 'Impersonation' as a tactic in an average of 88% of all BEC cases. (Vipre)

This post is for subscribers only